Get a valid cf_clearance cookie with the matching User-Agent. Pass the Cloudflare managed challenge once, then scrape freely with any HTTP client.
When Cloudflare shows a managed challenge page (the "Checking your browser" interstitial), it requires solving a challenge in a real browser. Once solved, Cloudflare issues a cf_clearance cookie that lets you bypass the challenge for subsequent requests.
The catch: the cookie is bound to the User-Agent that solved it. You must use the same UA string in your HTTP client, or Cloudflare will reject the cookie and show the challenge again.
Our solver returns both the cookie and the User-Agent. Set them in your requests and you're through.
import requests, time API = "https://api.pentium.sh" KEY = "PTM-your-api-key" # Get cf_clearance for a protected site task = requests.post(f"{API}/createTask", json={ "clientKey": KEY, "task": { "type": "AntiCloudflareTask", "websiteURL": "https://protected-site.com" } }).json() # Poll for result while True: result = requests.post(f"{API}/getTaskResult", json={ "clientKey": KEY, "taskId": task["taskId"] }).json() if result["status"] == "ready": break time.sleep(3) sol = result["solution"] # Use cookie + matching User-Agent s = requests.Session() s.headers["User-Agent"] = sol["userAgent"] s.cookies.set( "cf_clearance", sol["cf_clearance"], domain="protected-site.com" ) # Now scrape freely page = s.get("https://protected-site.com/data") print(page.status_code) # 200
const API = "https://api.pentium.sh"; const KEY = "PTM-your-api-key"; const { taskId } = await fetch(`${API}/createTask`, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ clientKey: KEY, task: { type: "AntiCloudflareTask", websiteURL: "https://protected-site.com" } }) }).then(r => r.json()); let solution; while (!solution) { await new Promise(r => setTimeout(r, 3000)); const res = await fetch(`${API}/getTaskResult`, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ clientKey: KEY, taskId }) }).then(r => r.json()); if (res.status === "ready") solution = res.solution; } // Use the cookie + UA const page = await fetch("https://protected-site.com/data", { headers: { "User-Agent": solution.userAgent, "Cookie": `cf_clearance=${solution.cf_clearance}` } });
The cf_clearance cookie is bound to the User-Agent that solved the challenge.
Every solve returns a userAgent field. You must send this exact string as your User-Agent header in all subsequent requests. If the UA doesn't match, Cloudflare will reject the cookie.
cf_clearance cookies typically last 30 minutes to 24 hours depending on the site's Cloudflare configuration. Monitor for 403 responses and re-solve when the cookie expires.
Some Cloudflare configurations bind the clearance to the solving IP. If you need IP-bound clearance, contact us about proxy mode for this task type.
For best results, use an HTTP client with a modern TLS fingerprint (curl-cffi, tls-client, or similar). Standard requests/urllib may trigger a new challenge even with a valid cookie.
| Parameter | Type | Required | Description |
|---|---|---|---|
| type | string | Yes | AntiCloudflareTask |
| websiteURL | string | Yes | The URL that shows the Cloudflare challenge page |
{ "errorId": 0, "status": "ready", "solution": { "cf_clearance": "yHSsN7x...", "userAgent": "Mozilla/5.0 (Windows NT 10.0; rv:136.0) Gecko/20100101 Firefox/136.0" } }